C# (CSharp) SSCMS.Core.Utils AttackUtils Beispiele

Programmiersprache: C# (CSharp)

Namespace / Paketname: SSCMS.Core.Utils

Klasse / Typ: AttackUtils

Beispiele auf hotexamples.com: 2

C# (CSharp) SSCMS.Core.Utils AttackUtils - 2 Beispiele gefunden. Dies sind die am besten bewerteten C# (CSharp) Beispiele für die SSCMS.Core.Utils.AttackUtils, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

FilterSql(1)

FilterXss(1)

Beispiel #1

Datei anzeigen

        public static async Task <Dictionary <string, object> > SaveAttributesAsync(IPathManager pathManager, Site site, List <TableStyle> styleList, NameValueCollection formCollection, List <string> dontAddAttributes)
        {
            var dict = new Dictionary <string, object>();

            if (dontAddAttributes == null)
            {
                dontAddAttributes = new List <string>();
            }

            foreach (var style in styleList)
            {
                if (ListUtils.ContainsIgnoreCase(dontAddAttributes, style.AttributeName))
                {
                    continue;
                }
                //var theValue = GetValueByForm(style, site, formCollection);

                var theValue  = formCollection[style.AttributeName] ?? string.Empty;
                var inputType = style.InputType;
                if (inputType == InputType.TextEditor)
                {
                    theValue = await pathManager.EncodeTextEditorAsync(site, theValue);

                    theValue = UEditorUtils.TranslateToStlElement(theValue);
                }

                if (inputType != InputType.TextEditor && inputType != InputType.Image && inputType != InputType.File && inputType != InputType.Video && !StringUtils.EqualsIgnoreCase(style.AttributeName, nameof(Content.LinkUrl)))
                {
                    theValue = AttackUtils.FilterXss(theValue);
                }

                dict[style.AttributeName] = theValue;

                if (style.IsFormatString)
                {
                    var formatString    = TranslateUtils.ToBool(formCollection[style.AttributeName + "_formatStrong"]);
                    var formatEm        = TranslateUtils.ToBool(formCollection[style.AttributeName + "_formatEM"]);
                    var formatU         = TranslateUtils.ToBool(formCollection[style.AttributeName + "_formatU"]);
                    var formatColor     = formCollection[style.AttributeName + "_formatColor"];
                    var theFormatString = ContentUtility.GetTitleFormatString(formatString, formatEm, formatU, formatColor);

                    dict[GetFormatStringAttributeName(style.AttributeName)] = theFormatString;
                }

                //if (inputType == InputType.Image || inputType == InputType.File || inputType == InputType.Video)
                //{
                //    var attributeName = GetExtendAttributeName(style.AttributeName);
                //    dict[attributeName] = formCollection[attributeName];
                //}
            }

            return(dict);
        }

Beispiel #2

Datei anzeigen

Datei: SqlUtils.cs Projekt: apphost/sscms

        public static string GetInStr(DatabaseType databaseType, string columnName, string inStr)
        {
            var retVal = string.Empty;

            inStr = AttackUtils.FilterSql(inStr);

            if (databaseType == DatabaseType.MySql)
            {
                retVal = $"INSTR({columnName}, '{inStr}') > 0";
            }
            else if (databaseType == DatabaseType.SqlServer)
            {
                retVal = $"CHARINDEX('{inStr}', {columnName}) > 0";
            }
            else if (databaseType == DatabaseType.PostgreSql)
            {
                retVal = $"POSITION('{inStr}' IN {columnName}) > 0";
            }

            return(retVal);
        }